问题
I am building an app for the Google Marketplace and just made the switch to OAuth 2.0 from 1.0 before final deployment.
Before the switch, I was able to use the provisioning API to fetch users in a domain that has installed the app given, appropriate permissions have been granted.
My experience with the Directory API (the OAuth 2 counterpart) requires that i perform a 2-legged OAuth to get an access token which I then uses to perform the Admin action. This only works if the access token belongs to an Administrator user of the subject domain.
There's a section in the app that pulls all users from the domain and I need this to be accessible to all logged in users including non-administrative users of the domain.
Didn't have such problems when I was using the provisioning API using the Zend library
回答1:
Not sure. But the following post might be helpful
Until recently this technique was mostly performed using 2-Legged OAuth 1.0a (2-LO). However, with the deprecation of the OAuth 1.0 protocol and the resulting programmed shutdown of 2-LO, the recommended authorization mechanism is now to use OAuth 2.0 and service accounts.
source - http://googleappsdeveloper.blogspot.com/2012/11/domain-wide-delegation-of-authority-and.html
来源:https://stackoverflow.com/questions/22172909/using-google-directory-api-to-fetch-all-users-in-a-domain